USN-595-1: SDL_image vulnerabilities
===========================================================
Ubuntu Security Notice USN-595-1 March 26, 2008
sdl-image1.2 vulnerabilities
CVE-2007-6697, CVE-2008-0544
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libsdl-image1.2                 1.2.4-1ubuntu0.1

Ubuntu 6.10:
  libsdl-image1.2                 1.2.5-2ubuntu0.6.10.1

Ubuntu 7.04:
  libsdl-image1.2                 1.2.5-2ubuntu0.7.04.1

Ubuntu 7.10:
  libsdl-image1.2                 1.2.5-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Michael Skladnikiewicz discovered that SDL_image did not correctly load
GIF images. If a user or automated system were tricked into processing
a specially crafted GIF, a remote attacker could execute arbitrary code
or cause a crash, leading to a denial of service. (CVE-2007-6697)

David Raulo discovered that SDL_image did not correctly load ILBM images.
If a user or automated system were tricked into processing a specially
crafted ILBM, a remote attacker could execute arbitrary code or cause
a crash, leading to a denial of service. (CVE-2008-0544)
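
To confirm that a host has reached the fixed versions listed above, an inventory check can compare the installed libsdl-image1.2 version string against the table. The following is an added example, not part of the original notice: it reimplements Debian version ordering (epoch, upstream, revision, with `~` sorting first) so it runs without dpkg, and the function names and the release keys ("6.06", "7.10", ...) are assumptions of this example.

```python
import re

# Fixed libsdl-image1.2 versions, copied from the USN-595-1 table above.
FIXED = {
    "6.06": "1.2.4-1ubuntu0.1",
    "6.10": "1.2.5-2ubuntu0.6.10.1",
    "7.04": "1.2.5-2ubuntu0.7.04.1",
    "7.10": "1.2.5-3ubuntu0.1",
}

def _order(ch):
    # Weights: '~' sorts before end-of-string (0), letters before other symbols.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_fragment(a, b):
    """Compare two upstream or revision strings as alternating text/number runs."""
    ra = re.findall(r"([^0-9]*)([0-9]*)", a)
    rb = re.findall(r"([^0-9]*)([0-9]*)", b)
    for i in range(max(len(ra), len(rb))):
        ta, na = ra[i] if i < len(ra) else ("", "")
        tb, nb = rb[i] if i < len(rb) else ("", "")
        for j in range(max(len(ta), len(tb))):
            oa = _order(ta[j]) if j < len(ta) else 0
            ob = _order(tb[j]) if j < len(tb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        ia, ib = int(na or 0), int(nb or 0)  # numeric runs compare as integers
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch defaults to 0, revision to empty.
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    if not sep:
        upstream, rev = rest, ""
    return int(epoch), upstream, rev

def compare_versions(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def is_patched(release, installed):
    """True if the installed version is at or above the fixed version for release."""
    return compare_versions(installed, FIXED[release]) >= 0
```

On an affected host the installed version string can be obtained with `dpkg-query -W -f='${Version}' libsdl-image1.2` and passed to `is_patched` together with the release number.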



